Data leak embarrasses Colorado sheriff, terrifies informants

The Mesa County, Colorado, Sheriff’s Dept accidentally published the personal information of 200,000 “customers:”

The leak started flowing when a county IT employee who had legal access to the database copied it to another server in April of this year. According to the Associated Press, the employee had copied over the database in the form of a giant text file with everyone’s information available in plaintext, assuming that the target server was secure.

[…]

This kind of data leak—the kind that occurs as a result of employee actions and not outside “hackers”—is surprisingly common. State employees (and the IRS) seem to always be losing laptops that contain personal information about citizens, and the military recently enacted (another) ban on external disks accessing the network in order to prevent another WikiLeaks bomb from going off.

Security experts warned in the past that employees tend to be the greatest threat to company security—a lesson that the Mesa County sheriff’s department has now learned the hard way.

I can’t help but wonder why the IT employee exported the database to plain text and left it on a server for months — does he suck at SQL and excel at using Find in Notepad?  Was this how he backs up his database?

And then, of course, there are the questions about who the custodian and owners of the data were, what policies does the Sheriff’s office have about this sort of thing, and is this going on the employee’s annual review?

via Data leak embarrasses Colorado sheriff, terrifies informants.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s